Anomaly detection in cyber-physical systems: A formal methods approach
- 1 December 2014
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 53rd IEEE Conference on Decision and Control
- p. 848-853
- https://doi.org/10.1109/cdc.2014.7039487
Abstract
As the complexity of cyber-physical systems increases, so does the number of ways an adversary can disrupt them. This necessitates automated anomaly detection methods to detect possible threats. In this paper, we extend our recent results in the field of inference via formal methods to develop an unsupervised learning algorithm. Our procedure constructs from data a signal temporal logic (STL) formula that describes normal system behavior. Trajectories that do not satisfy the learned formula are flagged as anomalous. STL can be used to formulate properties such as “If the train brakes within 500 m of the platform at a speed of 50 km/hr, then it will stop in at least 30 s and at most 50 s.” STL gives a more human-readable representation of behavior than classifiers represented as surfaces in high-dimensional feature spaces. STL formulae can also be used for early detection via online monitoring and for anomaly mitigation via formal synthesis. We demonstrate the power of our method with a physical model of a train's brake system. To our knowledge, this paper is the first instance of formal methods being applied to anomaly detection.